REMARKS

These remarks follow the order of the paragraphs of the office action. Relevant portions of the office action are shown indented and italicized.

DETAILED ACTION

1. Claims 1-23 remain pending in this examination. Claims 15-17, and 21 remain withdrawn as being drawn to a nonelected invention.

Claim Rejections - 35 USC §103

2. The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.

Claims 1-5, 8-14, 18-20, 22 and 23 are rejected under 35 U.S.C. 103(a) as being unpatentable over Goyal et al. (USPN 6,976,258) (hereinafter Goyal) in view of Vaid et al. (USPN 6,341,309) (hereinafter Vaid).



In response, the applicants respectfully state that they take continued exception with the equivalencies of the elements of the claims and the invention of Goyal. Applicants respectfully state that Claims 1-5, 8-14, 18-20, 22 and 23 as amended herein are not anticipated by the invention of Goyal. The abstract of the present invention, claimed in Claims 1-5, 8-14, 18-20, 22 and 23 reads:



The increasing number of Internet users and innovative new services such as e-commerce are placing new demands on Web servers. It is becoming essential for Web servers to provide performance isolation, have fast recovery times, and provide continuous service during overload at least to preferred customers. The invention describes a kernel-based architecture for content-aware service differentiation that protects Web servers against overload by controlling the amount and rate of work entering the system. We have invented a mechanism that provides admission control and service differentiation based on connection and application level information. The application header-based connection control uses application-level information (such as URIs and cookies for HTTP) to define different service differentiation actions. The present invention provides the kernel mechanisms that are more efficient and scalable than application level controls implemented in current Web servers.
The present invention claims a kernel-based architecture for content-aware service differentiation that protects Web servers against overload by controlling the amount and rate of work entering the system. The claimed mechanism provides admission control and service differentiation based on connection and application level information.

Whereas, the cited art to Goyal, US Patent 6,976,258, filed: November 30, 1999, is entitled: "Providing quality of service guarantees to virtual hosts". The Goyal abstract reads:

"A method facilitates providing appropriate quality of service guarantees to a plurality of virtual hosts on a single physical host computer. A server application program and its child processes service communication requests made to the plurality of virtual hosts. Quality of service parameters associated with the virtual hosts are stored. Communication requests made to a specific one of the virtual hosts are detected. The quality of service parameters associated with the specific virtual host are obtained. Operating system resources are utilized to guarantee, to a child process of the server application program, a quality of service according to the obtained quality of service parameters associated with the virtual host. Communication between the virtual host and the client is allowed to proceed, the communication being managed by the child process."



Goyal is concerned only with efficiently routing connections to one of multiple virtual hosts on a single physical system by intercepting system calls. Goyal is apparently not concerned with content-aware service differentiation that protects Web servers against overload by controlling the amount and rate of work entering the system that provides admission control and service differentiation based on connection and application level information.

The other cited art to Vaid, US Patent 6,341,309, filed: December 24, 1997, is entitled: "Firewall system for quality of service management". The Vaid abstract reads:

"A novel system for a network of computers to improve quality of services using a combination of a bandwidth management tool in a firewall. The present system includes, among other elements, a plurality of computers, which are each coupled to each other to form an internal network of computers (e.g., local area network or LAN). The system also includes a server, which has a memory sufficient to store a firewall program. The server is coupled to at least one of the plurality of computers, where the server is also coupled to an outgoing line to a wide area network of computers, which can be, for example, the Internet. A bandwidth management tool is coupled to or stored in the server, where the bandwidth management tool is capable of monitoring incoming and outgoing information to and from the server".



Thus Vaid is concerned with a system for a network of computers to improve quality of services using a combination of a bandwidth management tool in a firewall. Besides, there is apparently no reason to combine Goyal and Vaid except to attempt to allegedly find a combination that employs the elements of the present claims using hindsight. This is not allowed especially when neither reference cites the other. But even when combined the references do not make the present claims obvious.

Goyal with or without Vaid is not concerned with using application information or application header information for service differentiation as in the present claims, and are apparently not concerned with content-aware service differentiation that protects Web servers against overload by controlling the amount and rate of work entering the system providing admission control and service differentiation based on connection and application level information. The references apparently rely on network addresses which are well defined in the TCP communication protocol, not application headers as in the present claims.

Applicants respectfully further state that the presently claimed invention includes a mechanism that provides admission control and service differentiation based on connection and application level information. This mechanism can be used by 1) a system that is not virtualized (e.g. a physical system) 2) inside a single virtual host 3) across multiple virtual hosts which are virtualized by the underlying system 4) a physical system with more than one application. This is not the case with any of the cited references. Thus Claims 1-5, 8-14, 18-20, 22 and 23 are allowable over the cited art combination.



3. Referring to claim 1, Goyal discloses a method comprising employing at least one system for differentiating at least one service class in a kernel (i.e. operating system) by providing service differentiation as a kernel service (i.e. the Office construes the term kernel service as a system which can call the kernel to provide a service on behalf of another entity) and using service differentiation (i.e. QoS) to perform service differentiation based on content in at least one data packet for connections accepted in said at least one system (i.e. connections are accepted pending QoS requirement fulfillment) including the steps of: capturing at least one data packet until a complete application header is detected ("all such requests are received by the server application program") (i.e. an inherent feature of receiving a request is that the packet has an application header) (col. 6, lines 45-50); parsing said complete application header to determine at least one application tag (i.e. attribute information such as source and destination address 201 which are contained in the application header) (col. 9, lines 28-38); matching said at least one application tag to at least one matching rule (i.e. where the communication channel is to one of the network addresses) (col. 9, lines 30-38); determining a presence of at least one match with said at least one matching rule (i.e. where the communication channel is to one of the network addresses) (col. 9, lines 30-38) and performing service differentiation (i.e. setting the quality of service guarantees the object code calls the operating system QoS manager 127 to request an appropriate QoS guarantee to the child process 109) (col. 9, lines 38-55).

Goyal does not explicitly state that the system utilizes application tags from an application protocol. In analogous art, Vaid discloses another QoS system which differentiates services based on application layer tags (i.e. traffic classes or traffic types, such as application protocol such as HTTP, FTP, etc.) (col. 5, lines 20-60). It would have been obvious to one of ordinary skill in the art to combine the teaching of Vaid with Goyal in order to improve the use of bandwidth management in a wide area network by applying various techniques for rate controlling based on various attributes of a connection as supported by Vaid (col. 2, lines 33-35; col. 5, lines 20-60).

In response, the applicants respectfully state that they take exception with the equivalencies of claim 1 and Goyal. Goyal may disclose a plurality of network addresses where a network address is equivalent to a virtual host. This is not the steps of claim 1. Claim 1 as amended reads:

1. A method comprising:

employing at least one system for differentiating at least one service class in a kernel providing service differentiation as a kernel service based on application level information, and using service differentiation to provide different levels of quality of service for system performance to users to perform service differentiation based on content in at least one data packet for connections accepted in said at least one system, the step of employing providing content aware application header-based service differentiation in a Web server which communicates with clients over a network protecting the Web server against overload by controlling the amount and rate of work entering the system, and the step of employing including the steps of:

capturing said at least one data packet until a complete application header is detected;

parsing said complete application header to determine at least one application tag within the kernel which include classification and action rules;

matching said at least one application tag to at least one matching rule;

determining a presence of at least one application tag match with said at least one matching rule;

performing service differentiation action based on said at least one matching rule in order to provide a particular level of service from said different levels of service; and

deleting and adding rules based upon a user request.

Exception is taken with the alleged equivalence of cited sections of Goyal and claim 1. Goyal col. 9, lines 28-38 reads:

Where the communication channel that was established is not to one of the network addresses 201 associated with one of the virtual hosts 115, the object code 121 simply exits. The channel will not be used for communication to a virtual host 115, and thus no quality of service guarantees need to be made by the present invention. Where the communication channel is to one of the network addresses 201 associated with one of the virtual hosts 115, the object code 121 requests, from the operating system 105, an appropriate quality of service guarantee for the process that called the system accept function 205.

To set the quality of service guarantees, the object code 121 reads the quality of service table 119, and locates the quality of service parameters for the virtual host 115 associated with the network address 201 to which the communication channel was established. The object code 121 then calls the operating system quality of service manager 127 to request an appropriate quality of service guarantee to the child process 109 that called the system accept function 205. The appropriate quality of service to guarantee is that specified by the quality of service parameters for the virtual host 115 to which the communication channel has been established. Once the quality of service guarantee has been requested, the object code 121 exits, and the child process 109 sends a response 129 to the client 111 via the established communication channel. Communication between the client 111 and the virtual host 115 proceeds over the communication channel. The communication is managed by the child process 109, which has been guaranteed appropriate quality of service.

A review of Goyal (col 9, lines 28-38) shows that Goyal is not parsing application headers; Goyal is doing standard TCP receive processing on the communication protocol header.

Goyal col 6, lines 45-50 does not cover "capture" a complete application header. Simply receiving a request by the server application as stated in Goyal does not detect and capture the application header. An awareness of the application header format is required as we have described using HTTP as the example. Goyal is simply receiving data NOT capturing/detecting a complete application header.

Goyal (col 9, lines 30-38) is not matching said at least one application tag to a matching rule; Goyal is using standard TCP receive processing on a network communication protocol header to find a desired network address defined in a communication protocol.

Goyal has not disclosed the operating system resources required to provide service differentiation (i.e. QoS). Goyal has not disclosed the content they differentiate service on, only an identification of the connection via an IP address. Goyal has not disclosed providing service differentiation based on application headers or tags. Source and destination addresses mentioned by Goyal are not included in the application header; they are contained in the network transport layer. Thus claim 1 and all claims that depend on claim 1 are allowable over Goyal.

Even with Vaid the elements of claim 1 are not alluded to. Vaid col. 2, lines 33-35 reads:



Telecommunication techniques have been around for numerous years. In the early days, people such as the American Indians communicated to each other over long distances using "smoke signals." Smoke signals were generally used to transfer visual information from one geographical location to be observed at another geographical location. Since smoke signals could only be seen over a limited range of geographical distances, they were soon replaced by a communication technique known as telegraph. Telegraph generally transferred information from one geographical location to another geographical location using electrical signals in the form of "dots" and "dashes" over transmission lines. An example of commonly used electrical signals is Morse code. Telegraph has been, for the most part, replaced by telephone. The telephone was invented by Alexander Graham Bell in the 1800s to transmit and send voice information using electrical analog signals over a telephone line, or more commonly a single twisted pair copper line. Most industrialized countries today rely heavily upon telephone to facilitate communication between businesses and people, in general.

Vaid col. 5, lines 20-60 reads:

1. Traffic Classes

An embodiment of the present invention discriminates between traffic classes or traffic types. For example, between application/protocol (e.g., HTTP, SMTP, FTP, Telnet), data-type (e.g., MIME type, HTML, JPEG, RealAudio, WAV, MOV), source/destination identifier (e.g., IP address, user name, domain, URQ), type (real-time, interactive, throughput-intense), direction (inbound/outbound), and the like. Further traffic classes are based upon specifics user (e.g., President, Shipping Clerk), business group (e.g., Sales, Engineering, Accounting), priority (e.g., user-determined priority levels), direction (e.g., inbound, outbound, customer, guest).

FIG. 3 illustrates an example of a hierarchical model for determining bandwidth sharing. This model is merely an illustration and should not limit the scope of the claims herein. As illustrated in FIG. 3, a hierarchical model is represented as a tree, with the root representing the total available bandwidth, each branch node representing aggregated traffic (meta-traffic classes), and the leaves representing individual connections (traffic classes). This model gives the user flexibility in defining and implementing a service policy or multiple service policies. For example, the network traffic is first divided in different ways and then the specific policy refined from a top down approach or amalgamated from a bottom up approach. This model also provides the user with different methods for different traffic classes since it abstracts the policy definition from the enforcement or implementation.

The user typically has competing factors to consider when determining a network QoS policy, including bandwidth "guarantees", latency "guarantees", and exception control. It should be understood "guarantees" refer to best efforts of the system to provide service, and does not in any way imply an absolute guarantee of service. For example, obviously no service can be provided or guaranteed if the network connection is inoperative, if the Internet Service Provider (ISP) has hardware or software glitches, or there is a general Internet crash.

A first factor is bandwidth guarantee, or data throughput guarantee, and how excess bandwidth is shared. For traffic classes that have data intensive requirements this is an important criteria. Typically, the user initially determines what are the minimum bandwidth guarantees that are given for different traffic classes or for connections relying on data from the different traffic classes, before determining a policy. As result of the policy, the system monitors the actual bandwidth provided to different classes, and preferably if bandwidth is critically low, the system attempts to provide at least the minimum bandwidth to the different traffic classes.



A review shows that Vaid doesn't disclose a QoS system as in claim 1. Vaid may disclose traffic classes or traffic types, such as application protocol such as HTTP, FTP, etc. (col. 5, lines 20-60). This is not the "differentiates services based on application layer tags" of claim 1. One of ordinary skill in the art could not combine the teaching of Vaid with Goyal in order to provide the method of claim 1. Claim 1 is not limited to improve the use of bandwidth management in a wide area network by applying various techniques for rate controlling based on various attributes of a connection as supported by Vaid (col. 2, lines 33-35; col. 5, lines 20-60).

Furthermore the combined art does not allude to "employing differentiating a service class in a kernel providing service differentiation as a kernel service based on application level information." The combined art does not allude to "using service differentiation to provide different levels of quality of service for system performance to users to perform service differentiation based on content in at least one data packet for connections accepted in said at least one system." The combined art does not allude to "providing content aware application header-based service differentiation in a Web server which communicates with clients over a network protecting the Web server against overload by controlling the amount and rate of work entering the system." The combined art does not allude to "capturing said at least one data packet until a complete application header is detected." The combined art does not allude to "parsing said complete application header to determine at least one application tag within the kernel which include classification and action rules." The combined art does not allude to "matching said at least one application tag to at least one matching rule." The combined art does not allude to "determining a presence of at least one application tag match with said at least one matching rule." The combined art does not allude to "performing service differentiation action based on said at least one matching rule in order to provide a particular level of service from said different levels of service." The combined art certainly does not allude to "deleting and adding rules based upon a user request." Thus claim 1 and all claims that depend on it are allowable over the cited combined art.



4. Referring to claim 2, Vaid discloses the application tag includes a tag in an application protocol (col. 5, lines 20-60).

In response, the applicants respectfully state that a review of Vaid shows that Vaid fails to disclose a method that differentiates services based on application layer tags. Vaid's traffic classes or traffic types, such as application protocol such as HTTP, FTP, etc. (col. 5, lines 20-60) are not an application layer tag as in claim 2. Goyal is referring to network addresses from the TCP transport layer (col 1, lines 35-45) which is not application layer information. Thus claim 2 is allowable over the cited art for itself and because it depends on an allowable claim.

5. Referring to claim 3, it is an inherent feature in HTTP that the URI (i.e. destination address) is the second string in the HTTP header, (the first string is the action word, such as GET POST HEAD 8Th. etc.).

In response, the applicants respectfully state that they take exception with the equivalencies of claim 3 and the application of inherency to Goyal and Vaid. Goyal is referring to intercepting system calls that operate on the transport layer network address which is part of the communication protocol not application headers like HTTP. Thus claim 3 is allowable over the cited art for itself and because it depends on an allowable claim.

6. Referring to claim 4, Goyal discloses employing a table having at least one matching rule (i.e. QoS parameter table 119) (Figure 1; col. 7, lines 60-65).

In response, the applicants respectfully state that they take exception with the equivalencies of claim 4 and the application of inherency to Goyal and Vaid. Goyal col. 7, lines 60-65 reads:

In the embodiment of the present invention depicted in FIG. 2, a virtual host quality of service application program 117 executes in the computer memory 103. The quality of service program 117 inserts a quality of service parameter table 119 into the operating system 105 of the host computer 101. The quality of service table 119 contains quality of service parameters for each network address 201 associated with one of the virtual hosts 115 serviced by the virtual host server 107. The quality of service program 117 utilizes techniques known in the art to insert the table 119 into the operating system 105. In a preferred embodiment, the present invention dynamically links a module to an operating system kernel, while the kernel is active. The module is preferably in the form of object code comprising an empty quality of service table 119, and subroutines to add, modify, and delete quality of service parameters for different virtual hosts. The quality of service application program 117 then calls the appropriate subroutine to add the quality of service parameters for the virtual hosts 115 serviced by the server program 107. The quality of service program 117 utilizes the subroutines to add, modify, and delete quality of service parameters as desired. In alternative embodiments, the module contains additional subroutines, or only a subset of the subroutines listed above. In one alternative embodiment, the table 119 is first filled with quality of service parameters and then linked to kernel as a module. In an alternative embodiment, the quality of service table 119 is stored outside of the operating system 105 in computer memory 103.



A review of this section shows that indeed Goyal does not allude to "employing a table having said at least one matching rule based on application layer information," as in claim 4. A review of the other cited portion of Goyal (col. 7, line 63) employs a table which can be matched on network address from the TCP transport layer but that is not matched based on application layer information. Claim 4 is based on application layer information. Thus claim 4 is allowable over the cited art for itself and because it depends on an allowable claim.



7. Referring to claim 5, Goyal discloses finding a best match (i.e. finding the network address requested) (col. 9, lines 30-45).

In response, the applicants respectfully state that they take exception with the equivalencies of claim 5 and the alleged best match to Goyal. Goyal only finds a best match on network address but not any other type of content like application layer information. Claim 5 is content for application layer information. Thus claim 5 is allowable over the cited art for itself and because it depends on an allowable claim.

8. Referring to claim 6, Goyal discloses service differentiation includes rate controlling (i.e. guaranteeing a quality of service) (col. 9, lines 38-55).

In response, the applicants respectfully state that they take exception with the equivalencies of claim 6 and the alleged service differentiation includes rate controlling (i.e. guaranteeing a quality of service) to Goyal. Goyal does not disclose any of the claimed mechanisms for service differentiation and further does not disclose any of the mechanisms disclosed in claim 6. Claim 6 reads:
6. A method as in claim 1, wherein said step of performing service differentiation action includes at least one action taken from a group of actions including: scheduling connections, monitoring, request prioritization, and a policing action.

Thus claim 6 is allowable over the cited art for itself and because it depends on allowable claim 1.

9. Referring to claim 8, Goyal discloses said action includes protocol control (i.e. QoS rate guaranteeing) (col. 9, lines 30-35).

In response, the applicants respectfully state that they take exception with the equivalencies of claim 8 and the alleged action including protocol control (i.e. QoS rate guaranteeing) (col. 9, lines 30-35) to Goyal. The protocol of claim 8 is not found in the referenced portion of Goyal (col. 9, lines 30-35). Goyal does not disclose any of the mechanisms for service differentiation and further does not disclose any of the mechanisms disclosed in claim 8. Thus claim 8 is allowable over the cited art for itself and because it ultimately depends on allowable claim 1.

10. Referring to claim 9, Goyal discloses installing at least one matching rule (i.e. the Virtual Host QoS program 117 inserts the QoS Table 119 into the OS to be used by the QoS manager 127) (col. 7, lines 60-65).

In response, the applicants respectfully state that they take exception with the equivalencies of claim 9 and the alleged installing at least one matching rule (i.e. the Virtual Host QoS program 117 inserts the QoS Table 119 into the OS to be used by the QoS manager 127) (col. 7, lines 60-65) to Goyal. Goyal only installs matching rules on network addresses not any other content like application information. A review of the cited portion of Goyal (col. 7, lines 60-65) employs a table which can be matched on network address from the TCP transport layer but that are not matched based on application layer information. Claim 9 is amended to show that it is based on application layer information. Thus claim 9 is allowable over the cited art for itself and because it depends on allowable claim 1.

11. Referring to claims 10 and 11, Goyal discloses detecting establishment of a new TCP connection (i.e. request for Address) (col. 1, lines 15-20; col. 6, lines 45-50).

In response, the applicants respectfully state that they take exception with the equivalencies of claims 10 and 11, and the alleged disclosed detecting establishment of a new TCP connection (i.e. request for Address) (col. 1, lines 15-20; col. 6, lines 45-50) to Goyal.



Goyal col. 1, lines 15-20 reads:

With the popularity and success of the Internet, server technologies are of great commercial importance today. Typically, a server program executing on a single physical host computer services client requests made to a single network address allocated to the host. However, using Transmission Control Protocol (TCP) and other transport protocols, a server application executing on a single physical host can be programmed to process requests made to multiple network addresses. Such functionality is known as virtual hosting.

Goyal col. 6, lines 45-50 reads:

Client computers 111 send requests 113 to a plurality of virtual hosts 115 which are supported by the server 107. All such requests are received by the server application program 107 and are processed by the child processes 109. For purposes of example, FIG. 1 illustrates three client computers 111 (client computer 111A, client computer 111B, and client computer 111C), each making separate requests 113 to a separate virtual host 115. It is to be understood that more or fewer client computers 111 can make more or fewer requests 113 to more or fewer virtual hosts 115. It is to be understood that the clients 111 are typically remote from the server 107 and physical host computer 101.



A review of the cited portions shows that Goyal does disclose detecting establishment of a new TCP connection but for the purpose of routing connections to one of multiple virtual hosts on a single physical system by intercepting system calls not to provide admission control and service differentiation based on connection and application level information.

Besides, claim 10 is amended to include "and providing admission control and service differentiation based on connection and application level information." Thus claims 10 and 11 are allowable over Goyal each for itself and because each depends on an allowable claim.



12. Referring to claim 12, Goyal discloses the step of establishing a new TCP connection includes receiving a SYN packet, sending a SYN-ACK packet, deferring accept receiving ACK for SYN-ACK and deferring notification of data packet (this is an inherent feature of the HTTP basic 3-way handshake for Connection synchronization which can be found in the Transmission Control Protocol DARPA Internet program Protocol Specification September 1981 prepared by Information Sciences Institute, USC, page 31 Figure 7) (col. 6, lines 45-50).

In response, the applicants respectfully state that they take exception with the equivalencies of claim 12 and the alleged HTTP inherency and the art to Goyal. Claim 12 reads:

12. A method as in claim 11, wherein said step of establishing of a new TCP connection includes for application header based service differentiation: receiving SYN packet; sending SYN-ACK packet; deferring accept; receiving ACK for SYN-ACK packet; and deferring notification of data packet.



Goyal (col. 1, line 34) may indeed indicate that the 3-way handshake is an inherent feature of TCP. But Goyal does not disclose using the 3-way handshake for application header based service differentiation. Thus claim 12 is allowable over the cited art for itself and because it ultimately depends on allowable claim 1.

13. Referring to claim 13, detecting application header delimiters for said data packet is an inherent feature of Goyal since without this detection step, the system would not know where the header starts and ends.

In response, the applicants respectfully state that they take exception with the equivalencies of claim 13 and the alleged HTTP inherency and the art to Goyal. Goyal is not referring to application headers like HTTP in their disclosure; they are referring to transport or network layer headers, which are defined as clear offsets in the TCP/IP protocol. So Goyal does not have to detect application layer delimiters. Thus claim 13 is allowable over the cited art for itself and because it depends on allowable claim 1.

14. Claims 14, and 18-20, 22, and 23 are rejected for similar reasons as stated above.

In response, the applicants respectfully state that they take exception with the equivalencies of Claims 14, and 18-20, 22, and 23 and the art to Goyal and/or Taylor. It is unfortunate that the office communication does not even attempt to show the art citations regarding Claims 14, and 18-20, 22, and 23.
In response, the applicants respectfully state that claim 14 reads:



14. An apparatus comprising a service differentiation module employing at least one system for differentiating at least one service class in a kernel providing service differentiation as a kernel service based on application level information, and using service differentiation to provide different levels of quality of service for system performance to users for connections accepted in said at least one system, and providing content aware application header-based service differentiation in a server which communicates with clients over a network protecting the server against overload by controlling the amount and rate of work entering the system, said module including a tangible computing medium enabling functions of:

a provider of admission control and service differentiation based on connection and application level information;

a parser to parse a client Web request;

a classifier to classify the request based on application headers and assigning a request class within a kernel;

a selector to determine an action rule based on the request class; and

a performer to apply the action rule based on the request class in order to provide better system performance for higher classed packets and connections.



A review of Goyal shows that Goyal does not disclose providing service differentiation by parsing application layer information (e.g. HTTP headers). Goyal is only concerned with network addresses and does not disclose any mechanism for an operating system resource for quality of service or service differentiation.
Goyal does not provide content aware application header-based service differentiation in a server which communicates with clients over a network, protecting the server against overload by controlling the amount and rate of work entering the system.

Goyal does not have the provider of admission control and service differentiation based on connection and application level information.

Goyal does not have the parser since Goyal is not parsing an application tag.

Goyal does not have the selector since Goyal does not have a parsed application tag to select on.

Goyal does not have the performer since Goyal makes requests for service differentiation to be performed by the operating system quality of service manager, and does define the actions of the quality of service manager as for claim 14.

Furthermore, Goyal doesn't provide service differentiation as a kernel service based on application level information of Claims 14, and 18-20, 22, and 23. Thus Claim 14 is allowable, and claims 18-20, 22, and 23 are allowable over the cited art each for itself and because of its dependence on an allowable claim.

Claim 7 is rejected under 35 U.S.C. 103(a) as being unpatentable over Goyal in view of Vaid in view of Taylor et al. (USPN 6,728,885) (hereinafter Taylor) (cited in previous Office Actions).

15. Goyal discloses the invention substantively as described in claim 1. Goyal does not specifically disclose the step of performing service differentiation includes dropping based on rules that are created to provide better performance to the connections that are accepted. In analogous art, Taylor discloses another service differentiation system which includes dropping a connection based on rules that are created to provide better performance to the connections that are accepted (i.e. all firewall rules inherently provide better performance to those connections that are accepted since firewall rules block incoming traffic which will congest the network and thwart attackers from disabling the network) (col. 6, lines 25-30). It would have been obvious to one of ordinary skill in the art to combine the teaching of Taylor with Goyal in order to achieve requested levels of security while meeting performance constraints as supported by Taylor (col. 3, lines 20-25).



In response, the applicants respectfully state that they take exception with the equivalencies of the elements of claim 7 and the inventions of Goyal with Taylor. Claim 7 is not made obvious by the combination of the inventions of Goyal and Taylor. The cited art to Taylor, US Patent 6,728,885, filed: October 8, 1999, is entitled: "System and method for network access control using adaptive proxies". The Taylor abstract reads:

"A method, system and computer program for providing multilevel security to a computer network. The method comprises the step of receiving a first communication packet on at least one network interface port from an outside network. The method further includes the steps of filtering the first packet in one of at least two levels of security comprising a first level of security which examines the content information of the packet and a second level of security which examines the first packet excluding the content information of the packet. The system includes a first packet filter configured to filter its input packets by examining content information of its packets and a second packet filter configured to filter its input packets by examining the header information without examining the content information of its packets. The system further includes a third filter which is configured to forward a number of packets to one of the first and second filters, thereby providing security to the computer network. The computer program includes a first module located in an application layer, a second module located in a network layer, and a third module located in a kernel space and configured to examine a number of packets received by the computer network from at least one outside network and to forward the number of packets to one of the first and second modules after examining the number of packets".

Thus Taylor is concerned with system security. Taylor is not concerned with system performance as in Claim 7. Furthermore, there is no reason to make the combination of Goyal and Taylor, except using hindsight in an attempt to reconstruct the elements of claim 7. A combination of art may not be made if not referred to in one of the cited references. Thus claim 7 is allowable over the cited art.



DOCKET NUMBER: YOR920010561US2 






Serial No.: 10/053,012 



In response, the applicants respectfully state that they take exception with the equivalencies of the claimed invention and the application of inherency to Goyal and Taylor. The cited portion to Taylor, col. 3, lines 20-25 reads:

Such specification of resource allocation is called a guarantee of quality of service.

A server, which is a process, executing on a dedicated physical host services client requests for a single network address (physical host) only. Thus, quality of service can simply be set for the server to the quality of service appropriate for the host. A virtual host server services numerous client requests for multiple virtual hosts. A single virtual host server provides host services for a plurality of customers all of whom may require different quality of service. Although it would be possible to set a single quality of service for the virtual host server, no single quality of service is appropriate for all of the virtual hosts.

The other cited portion to Taylor, col. 6, lines 25-30 reads:

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

System Overview

FIG. 1 presents a high level overview of a system for setting quality of service guarantees for virtual hosts in accordance with a preferred embodiment of the present invention. A single, physical host computer 101 contains computer memory 103, conventional processor(s), networking interfaces, and input/output devices (not shown). An operating system 105, a virtual host server application program 107, and a plurality of child processes 109 of the server application program 107 reside in the computer memory 103. For purposes of example, FIG. 1 illustrates three child processes 109 of the virtual host server application program 107: a first child process 109A, a second child process 109B, and a third child process 109C. It is to be understood that more or fewer child processes 109 can reside in the computer memory 103 as desired.



A review of these portions apparently shows that Taylor [and Goyal] do not disclose or make obvious any actions from an operating system resource that provide quality of service or service differentiation for an application. Goyal relies on resources provided by the operating system to provide quality of service or service differentiation and does not specify any actions as stated in claim 6 or claim 7. Taylor discloses a single action, dropping, for the purpose of security via a firewall, with no mention of performance gain. Dropping has an indirect benefit of performance improvement only if the administrator properly sets the dropping rule for performance and not just security. There is no indication in the referenced art of an administrator setting performance based rules. Thus claim 7 is allowable over the cited art for itself and because it depends on allowable claim 1.



In response, the applicants respectfully state that the office communication fails to respond to the many particular remarks made previously, particularly in regard to dependent claims which are rejected to Goyal alone. This is believed to be a requirement.

Applicants have further modified the claims in the present application in accordance with understanding made in a telephone conversation with the Examiner, on February 26, 07. Applicants show their appreciation for the suggestions made. It is believed that all claims not withdrawn are certainly now allowable.

It is anticipated that the present amendment brings to allowance all claims 1-23 not withdrawn. In the event that any questions remain, please contact the undersigned before issuing a FINAL rejection.

Please charge any fee necessary to enter this paper to deposit account 50-0510.

Respectfully submitted,

By: /Louis Herzberg/

Dr. Louis P. Herzberg

Reg. No. 41,500

Voice Tel. (845) 352-3194

Fax. (845) 352-3194

3 Cloverdale Lane

Monsey, NY 10952

Customer Number: 54856



Response to Arguments

16. Applicants' arguments filed October 10, 2005 have been fully considered but they are moot in view of the new grounds of rejection.